•steal_token - attempts to steal the token of a specified (PID) process

•sysinfo - gets the details about the victim computer such as OS and name

User Interface Commands

•enumdesktops - lists all accessible desktops

•getdesktop - get the current meterpreter desktop

•idletime - checks to see how long since the victim system has been idle

•keyscan_dump - dumps the contents of the software keylogger

•keyscan_start - starts the software keylogger when associated with a process such as Word or browser

•keyscan_stop - stops the software keylogger

•screenshot - grabs a screenshot of the meterpreter desktop

•set_desktop - changes the meterpreter desktop

•uictl - enables control of some of the user interface components

Privilege Escalation Commands

•getsystem - uses 15 built-in methods to gain sysadmin privileges

Password Dump Commands

•hashdump - grabs the hashes in the password (SAM) file

Note that hashdump will often trip AV software, but there are now two scripts that are more stealthy, "run hashdump" and "run smart_hashdump". Look for more on those on my upcoming meterpreter script cheat sheet.

Timestomp Commands

•timestomp - manipulates the modify, access, and create attributes of a file

Other commands -

show exploits – shows the exploits you can run

show payloads – shows the various payload options you can execute on the exploited system such as spawn a command shell, uploading programs to run, etc.

info exploit [exploit name] – shows a description of a specific exploit name along with its various options and requirements

info payload [payload name] – shows a description of a specific payload name along with its various options and requirements

use [exploit name] – instructs msfconsole to enter into a specific exploit's environment

show payloads – shows the payloads compatible with the specific exploit you're working with

set PAYLOAD – allows you to set the specific payload for your exploit

show targets – shows the available target OSs and applications that can be exploited